Extend system_settings role

- Proxy - DNS Signed-off-by: Ondra Machacek <omachace@redhat.com>
redhat-cop · Mar 13, 2024 · c009ba5 · c009ba5
1 parent 3d35896
commit c009ba5
Show file tree

Hide file tree

Showing 10 changed files with 233 additions and 39 deletions.
diff --git a/Makefile b/Makefile
@@ -8,4 +8,4 @@ install-ansible-collections:
 
 .PHONY: integration
 integration: install-python-packages install-ansible-collections
-	ansible-test integration --no-temp-workdir
+	ansible-test integration --no-temp-workdir system_settings_test
diff --git a/roles/system_settings/README.md b/roles/system_settings/README.md
@@ -20,12 +20,9 @@ N/A
 - **system_settings_validate_certs**
   - Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted.
 
-### Security
-- **system_settings_ntp_servers**:
-  - List of NTP servers. This method updates old NTP servers from configuration and sets the input NTP servers in the configuration. If NTP based time synchronization is used internally, the NTP daemon will be restarted to reload given NTP configuration. In case NTP based time synchronization is not used, this method only replaces servers in the NTP configuration.
+### System settings
 
-- **system_settings_timesync_mode**:
-  - Set time synchronization mode.
+#### General
 
 - **system_settings_timezone**:
   - Set time zone.
@@ -36,9 +33,55 @@ N/A
 - **system_settings_resize_storage**:
   - Resize all partitions to 100 percent of disk size. Default is `false`.
 
+#### DNS
+
+- **system_settings_dns_mode**:
+  - Set the DNS mode - either static or DHCP.
+
+- **system_settings_dns_servers**:
+  - List of DNS servers to add/set.
+
+- **system_settings_dns_mode_append**
+  - If `true` items from `system_settings_dns_servers` will be added to already configured DNS servers. If `false` servers will be overriden.
+
+- **system_settings_dns_domains**:
+  - List of DNS domains to add/set.
+
+- **system_settings_dns_mode_append**
+  - If `true` items from `system_settings_dns_domains` will be added to already configured DNS domains. If `false` domains will be overriden.
+
+- **system_settings_dns_hostname**:
+  - Set the hostname of the vcenter.
+
+#### NTP
+Note: NTP service will be restarted if configuration is changed.
+
+- **system_settings_timesync_mode**:
+  - Set time synchronization mode.
+
+- **system_settings_ntp_servers**:
+  - List of NTP servers. This method updates old NTP servers from configuration and sets the input NTP servers in the configuration. If NTP based time synchronization is used internally, the NTP daemon will be restarted to reload given NTP configuration. In case NTP based time synchronization is not used, this method only replaces servers in the NTP configuration.
+
+#### Proxy
+
+- **system_settings_noproxy**:
+  - List of hosts that should be ignored by proxy configuration.
+
+- **system_settings_proxy**:
+  - A list of proxy configurations.
+
+    Proxy options:
+    * enabled: Required. Define if this proxy configuration should be enabled.
+    * url: Required. Define the URL of the proxy server (including protocol ie. http://...).
+    * port: Required. Define the port of the proxy server.
+    * protocol: Required. Define the protocol of the proxy server(FTP, HTTP, HTTPS).
+    * state: Define if the proxy configuration should be `present` or `absent`.
+    * username: Define `username` for the proxy server if proxy requires authentication.
+    * password: Define `password` for the proxy server if proxy requires authentication.
+
 ## Dependencies
 
-- NA
+- vmware.vmware_rest
 
 ## Example Playbook
 ```yaml

diff --git a/roles/system_settings/defaults/main.yml b/roles/system_settings/defaults/main.yml
@@ -1 +1,3 @@
 system_settings_resize_storage: false
+system_settings_dns_mode_append: false
+system_settings_proxy: []
diff --git a/roles/system_settings/handlers/main.yml b/roles/system_settings/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: Restart ntpd
+  vmware.vmware_rest.appliance_services:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    service: ntpd
+    state: restart
diff --git a/roles/system_settings/tasks/dns.yml b/roles/system_settings/tasks/dns.yml
@@ -0,0 +1,54 @@
+- name: Append the DNS servers
+  vmware.vmware_rest.appliance_networking_dns_servers:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    mode: "{{ system_settings_dns_mode | d(omit) }}"
+    server: "{{ item }}"
+    state: "add"
+  loop: "{{ system_settings_dns_servers | d([]) }}"
+  when: "system_settings_dns_mode is defined or system_settings_dns_servers is defined"
+
+- name: Set the DNS servers
+  vmware.vmware_rest.appliance_networking_dns_servers:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    mode: "{{ system_settings_dns_mode | d(omit) }}"
+    servers: "{{ system_settings_dns_servers | d(omit) }}"
+    state: "set"
+  when:
+    "(system_settings_dns_mode is defined or system_settings_dns_servers is defined) and not system_settings_dns_mode_append"
+
+- name: Append the DNS domains
+  vmware.vmware_rest.appliance_networking_dns_domains:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    domain: "{{ item }}"
+    state: "add"
+  loop: "{{ system_settings_dns_domains }}"
+  when: "system_settings_dns_domains is defined and system_settings_dns_mode_append"
+
+- name: Set the DNS domains
+  vmware.vmware_rest.appliance_networking_dns_domains:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    domains: "{{ system_settings_dns_domains }}"
+    state: "set"
+  when: "system_settings_dns_domains is defined and not system_settings_dns_mode_append"
+
+- name: Set the DNS hostname
+  vmware.vmware_rest.appliance_networking_dns_hostname:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    name: "{{ system_settings_dns_hostname | d(omit) }}"
+    state: "set"
+  when: "system_settings_dns_hostname is defined"
diff --git a/roles/system_settings/tasks/main.yml b/roles/system_settings/tasks/main.yml
@@ -1,37 +1,11 @@
-- name: Set NTP servers
-  when: system_settings_ntp_servers is defined
-  block:
-    - name: Test NTP servers
-      vmware.vmware_rest.appliance_ntp:
-        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
-        vcenter_password: "{{ system_settings_password | d(omit) }}"
-        vcenter_username: "{{ system_settings_username | d(omit) }}"
-        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
-        state: test
-        servers: "{{ system_settings_ntp_servers }}"
-      register: __ntp_state
+- name: Configure ntpd
+  ansible.builtin.include_tasks: ntpd.yml
 
-    - name: Print the state of NTP servers
-      ansible.builtin.debug:
-        msg: "Warning: server {{ item.server }} status: {{ item.message }}"
-      loop: "{{ __ntp_state.value }}"
-      when: item.status == 'SERVER_UNREACHABLE'
+- name: Configure DNS
+  ansible.builtin.include_tasks: dns.yml
 
-    - name: Set NTP servers
-      vmware.vmware_rest.appliance_ntp:
-        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
-        vcenter_password: "{{ system_settings_password | d(omit) }}"
-        vcenter_username: "{{ system_settings_username | d(omit) }}"
-        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
-        servers: "{{ system_settings_ntp_servers }}"
-
-    - name: Set the timesync mode
-      vmware.vmware_rest.appliance_timesync:
-        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
-        vcenter_password: "{{ system_settings_password | d(omit) }}"
-        vcenter_username: "{{ system_settings_username | d(omit) }}"
-        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
-        mode: "NTP"
+- name: Configure proxy
+  ansible.builtin.include_tasks: proxy.yml
 
 - name: Set the timesync mode
   vmware.vmware_rest.appliance_timesync:

diff --git a/roles/system_settings/tasks/ntpd.yml b/roles/system_settings/tasks/ntpd.yml
@@ -0,0 +1,36 @@
+- name: Set NTP servers
+  when: system_settings_ntp_servers is defined
+  block:
+    - name: Test NTP servers
+      vmware.vmware_rest.appliance_ntp:
+        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+        vcenter_password: "{{ system_settings_password | d(omit) }}"
+        vcenter_username: "{{ system_settings_username | d(omit) }}"
+        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+        state: test
+        servers: "{{ system_settings_ntp_servers }}"
+      register: __ntp_state
+
+    - name: Print the state of NTP servers
+      ansible.builtin.debug:
+        msg: "Warning: server {{ item.server }} status: {{ item.message }}"
+      loop: "{{ __ntp_state.value }}"
+      when: item.status == 'SERVER_UNREACHABLE'
+
+    - name: Set NTP servers
+      vmware.vmware_rest.appliance_ntp:
+        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+        vcenter_password: "{{ system_settings_password | d(omit) }}"
+        vcenter_username: "{{ system_settings_username | d(omit) }}"
+        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+        servers: "{{ system_settings_ntp_servers }}"
+      notify: Restart ntpd
+
+    - name: Set the timesync mode
+      vmware.vmware_rest.appliance_timesync:
+        vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+        vcenter_password: "{{ system_settings_password | d(omit) }}"
+        vcenter_username: "{{ system_settings_username | d(omit) }}"
+        vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+        mode: "NTP"
+      notify: Restart ntpd
diff --git a/roles/system_settings/tasks/proxy.yml b/roles/system_settings/tasks/proxy.yml
@@ -0,0 +1,25 @@
+- name: Set the noproxy hosts
+  vmware.vmware_rest.appliance_networking_noproxy:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    servers: "{{ system_settings_noproxy }}"
+  when: "system_settings_noproxy is defined"
+  notify: Restart ntpd
+
+- name: Configure the proxy configuration
+  vmware.vmware_rest.appliance_networking_proxy:
+    vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+    vcenter_password: "{{ system_settings_password | d(omit) }}"
+    vcenter_username: "{{ system_settings_username | d(omit) }}"
+    vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+    enabled: "{{ item.enabled | mandatory }}"
+    server: "{{ item.url | mandatory }}"
+    port: "{{ item.port | mandatory }}"
+    protocol: "{{ item.protocol | mandatory }}"
+    state: "{{ item.state | d(omit) }}"
+    username: "{{ item.username | d(omit) }}"
+    password: "{{ item.password | d(omit) }}"
+  loop: "{{ system_settings_proxy }}"
+  notify: Restart ntpd
diff --git a/tests/integration/targets/system_settings_test/mock.json b/tests/integration/targets/system_settings_test/mock.json
@@ -75,5 +75,44 @@
     },
     "body": "true"
   }
+},
+{
+  "httpRequest": {
+    "method": "(POST|PUT|GET)",
+    "path": "/api/appliance/networking/dns/(servers|domains|hostname)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "(POST|PUT|GET)",
+    "path": "/api/appliance/networking/(proxy|noproxy)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "(POST|PUT|GET)",
+    "path": "/api/appliance/networking/proxy/(http|https|ftp)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
 }
 ]
diff --git a/tests/integration/targets/system_settings_test/vars.yml b/tests/integration/targets/system_settings_test/vars.yml
@@ -9,3 +9,16 @@ system_settings_ntp_servers: []
 system_settings_timezone: UTC
 system_settings_global_fips: true
 system_settings_resize_storage: true
+
+# DNS
+system_settings_dns_mode: dhcp
+system_settings_dns_domains: [domain.com]
+system_settings_dns_hostname: vcenter.domain.com
+
+# Proxy
+system_settings_noproxy: [1.2.3.4]
+system_settings_proxy:
+  - protocol: http
+    url: http://localhost
+    enabled: true
+    port: 1234